[RELEASE] testelev.cmd


I am trying to put together a simple (or as simple as possible) set of batch commands to be run on both XP/2003 and Vista :ph34r: /7/8/8.x/Server 2008R1/2008R2/2012/*possibly whatever later* that DO NEED Admin credentials (on XP/2003) and REAL Admin (elevated) credentials on the later OS's.

 

At the end of the day, I have come out with the attached testelev.cmd. :unsure:

Everything should be "language/locale independent", but you never know. :no: until actually tested.

 

 

Description from within the batch:

 

::testelev.cmd small batch file to check Windows version and
::credentials, self-elevating if needed, limited to good NT based systems
::without the senseless UAC, i.e. XP/2003 (BUT NOT NT or 2000)
::conventionally "pre-Vista"
::And to the senseless UAC featured NT systems, conventionally "Vista :ph34r: or later"
::
::To possibly add compatibility with 2000 (but NOT NT) change the command:
::FSUTIL DIRTY QUERY %systemdrive%
::to:
::SFC 2>&1 | FIND /I "/SCANNOW"
::Version 0.02 06 February 2015
::Based on ideas found here: http://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights
::And here: http://stackoverflow.com/questions/7985755/how-to-detect-if-cmd-is-running-as-administrator-has-elevated-privileges
::It uses the elevate.exe from here: http://code.kliu.org/misc/elevate/

 

I have little chances to test the batch in all conditions, i.e. when run:

  • as non Admin from command prompt
  • as above but by double clicking the batch
  • as Admin from command prompt
  • as above but by double clicking the batch
  • as Admin ELEVATED from command prompt
  • as above but by double clicking the batch
  • in any other way :unsure:
on all the (hopefully) supported OS, so, if any member would be so kind to test it in the *whatever* OS he/she is running and post a report *like* (example):

OS: Vista :ph34r:

Language: English

Test #1 OK

Test #2 OK

Test #3 OK

Test #4 Issue <insert here description of what happens>

Test #5 OK

Test #6 Issue <insert here description of what happens>

Test #7 N/A

it would greatly help to improve or change it (if needed) or to confirm it's good/working *everywhere*.

 

Thanks in advance for reports/feedback/comments. :)

 

jaclaz

P.S.: Batch updated, please re-download if you got it before the time of this EDIT.

testelev.zip

Edited by jaclaz


OK, I've done some tests.

I don't have any non-administrative accounts set up on my 8.1 machines.

I'll give you the whole output.

The ones that end with "press any key" would have closed the prompt if I had done at that point of course!

 

Windows 8.1 Admin from non-elevated prompt -

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Dave>s:
S:\>testelev
Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only
OK, I am a local admin ...
I am NOT running elevated, BAD.
The needed file elevate.exe is missing
get it from http://code.kliu.org/misc/elevate/
and put it somewhere in PATH or in th esame directory of the batch
Press any key to continue . . .
S:\>

Windows 8.1 Admin from non-elevated prompt double clicking -

Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only
OK, I am a local admin ...
I am NOT running elevated, BAD.
The needed file elevate.exe is missing
get it from http://code.kliu.org/misc/elevate/
and put it somewhere in PATH or in th esame directory of the batch
Press any key to continue . . .

Windows 8.1 Admin from elevated prompt -

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>s:
S:\>testelev
Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
OK, I am a local admin ...
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .
S:\>

Windows 8.1 Admin from elevated prompt double clicking -

Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
OK, I am a local admin ...
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

Windows XP from prompt -

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\XP User Files\Dave>s:
S:\>testelev
XP or 2003 ...
... I am an Admin, nothing to do.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - D: is NOT Dirty
Press any key to continue . . .
S:\>

Windows XP from double clicking -

XP or 2003 ...
... I am an Admin, nothing to do.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - D: is NOT Dirty
Press any key to continue . . .

HTH.

:)


Good. :)

OS detection and credential levels detection seem to be accurate.

THOUGH these:

Windows 8.1 Admin from non-elevated prompt -

Windows 8.1 Admin from non-elevated prompt double clicking

Are actually non-reports, I mean, guess WHAT EXACTLY the batch is trying to tell you ? ;):

The needed file elevate.exe is missing

get it from http://code.kliu.org/misc/elevate/

and put it somewhere in PATH or in th esame directory of the batch

(and that you are kindly required to comply with before re-running the batch)

Corrected the typo "th esame" into "the same" and added redirection to nul to the Whoami commands in the attached, no version number change, please re-download and re-test (once having added the elevate.exe) just on Windows 8.1 (the XP is OK, and I can test it myself), thanks.

jaclaz


Sorry, I'm being an id*** again!

:blushing:

Here is the 8.1 output with a non-elevated prompt, with the elevate.exe file added!

A UAC prompt had to be OKed both times.

 

From Command Prompt -

**********************************************************************************
FIRST PROMPT WINDOW RESULTING IN UAC PROMPT
**********************************************************************************
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Dave>s:
S:\>testelev
Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only
OK, I am a local admin ...
I am NOT running elevated, BAD.
S:\>
**********************************************************************************
SECOND PROMPT WINDOW WHICH THEN POPPED UP AFTER THE UAC PROMPT WAS DISMISSED
**********************************************************************************
Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
OK, I am a local admin ...
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

From double-clicking -

**********************************************************************************
SECOND PROMPT WINDOW AFTER FIRST AUTOMATICALLY CLOSED WHEN UAC PROMPT DISMISSED
**********************************************************************************
Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
OK, I am a local admin ...
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

:) 


I also did not have a non-administrative account handy, and all my command windows are automatically elevated.
 
OS - Win7 x64
Language - English
(1) N/A
(2) N/A
(3) N/A
(4) N/A
(5) OK
(6) OK
(7) - People should already know, but their anti-virus could possibly interfere with this script, so it should be temporarily disabled before running the script, unless your script could be configured to test for an offending condition ( probably too complicated to be worthwhile )?  I have Win7 x64 Ultimate and run as an admin, but when I ran the script with my anti-virus enabled - COMODO Internet Security with HIPS [Host-based intrusion prevention system -- ie a sandbox] - then the script got into an endless loop where it said I was not running elevated, BAD, spawned a new command window, and repeated forever until I killed the script with CTRL-C.

 

Output from 5 and 6:

Vista , or later, ...
BUILTIN\Administrators                                        Alias            S-1-5-32-544                                   Mandatory group, Enabled by default, Enabled group, Group owner
OK, I am a local admin ...
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288                                   Mandatory group, Enabled by default, Enabled group
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .
Edited by bphlpt

My shortcuts run elevated prompts too, but just putting "cmd" in the run box I hope still runs a non-elevated one!

I just use Windows Defender on Windows 8.1, and it didn't seem to cause any problems.

I used the 64 bit version of elevate.exe.

:)

As an aside, why on earth did the board software automatically put asterisks in the word "id**t" (I've done it for it this time!) in my last post?

That's a bit over-sensitive surely!

:lol:

Edited by Dave-H

As an aside, why on earth did the board software automatically put asterisks in the word "id**t" (I've done it for it this time!) in my last post?

That's a bit over-sensitive surely!

:lol:

 

It has done that for quite awhile.  Instead, you could write it as id1ot or id10t or idi0t. :)

 

Cheers and Regards


The redirection to nul of the Whoami seems like not happening. :unsure:

Can you try on a plain cmd prompt (in Windows 8.x) these commands?:

  1. whoami /Groups | FIND "S-1-5-32-544"
  2. whoami /Groups | FIND "S-1-5-32-544" >nul
  3. whoami /Groups | FIND "S-1-5-32-544" >nul 2>&1

#1 should output the BUILTIN\Administrators  ...

#2 should output nothing (as it is redirected to nul, but seemingly it still does output the same)

#3 maybe actually outputs nothing as also the error is redirected to standard

 

@bphlpt

With reference to #7, Maybe :unsure: it is possible to set a counter of some kind in such a way that it detects the second loop and exits throwing a message like "Your stupid antivirus or something else is conflicting with this script, re-run it under FULL Admin credentials (Elevated command prompt)."

 

jaclaz
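
The loop guard suggested in the post above (for the anti-virus endless loop reported earlier), combined with the SID checks redirected to nul, as an added example for Vista or later; it is not the testelev.cmd attached to this thread. Assumptions: elevate.exe is reachable as the thread describes, its -c switch runs the given command line in a new elevated cmd.exe, and `RELAUNCH_MARK` is a hypothetical marker argument invented here.

```batch
@ECHO OFF
SETLOCAL
:: Added example for Vista or later; NOT the testelev.cmd attached to the thread.
:: Assumption: elevate.exe from code.kliu.org, with -c running the given
:: command line in a new, elevated cmd.exe.
:: RELAUNCH_MARK is a hypothetical marker argument invented for this example.
SET "RELAUNCH_MARK=__relaunched__"

:: Locale-independent checks by SID, with output and errors discarded:
::   S-1-5-32-544 = BUILTIN\Administrators, listed even when "deny only"
::   S-1-16-12288 = High Mandatory Level, present only in an elevated token
whoami /groups | FIND "S-1-5-32-544" >nul 2>&1
IF ERRORLEVEL 1 (
  ECHO This account is not a member of the local Administrators group.
  PAUSE
  EXIT /B 2
)
whoami /groups | FIND "S-1-16-12288" >nul 2>&1
IF ERRORLEVEL 1 GOTO :need_elevation
:: Second check, as in the thread: FSUTIL DIRTY QUERY fails without elevation.
FSUTIL DIRTY QUERY %systemdrive% >nul 2>&1
IF ERRORLEVEL 1 GOTO :need_elevation
GOTO :just_do_it

:need_elevation
:: If the marker is present, this instance IS the relaunched one and it is
:: still not elevated: stop here instead of spawning windows forever.
IF "%~1"=="%RELAUNCH_MARK%" (
  ECHO Elevation was requested, but this instance is still NOT elevated.
  ECHO An antivirus/HIPS sandbox or a policy may be interfering.
  ECHO Re-run this batch from an elevated command prompt.
  PAUSE
  EXIT /B 1
)
:: Prefer an elevate.exe next to the batch, otherwise rely on PATH.
SET "ELEVATE=elevate.exe"
IF EXIST "%~dp0elevate.exe" SET "ELEVATE=%~dp0elevate.exe"
"%ELEVATE%" -c "%~f0" %RELAUNCH_MARK%
IF ERRORLEVEL 1 ECHO elevate.exe was not found or reported an error.& PAUSE
EXIT /B

:just_do_it
ECHO Running elevated; the real work would go here.
PAUSE
EXIT /B 0
```

The marker travels as a command-line argument because the relaunched instance is a separate process; a plain counter variable in the first window would not be visible to it.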


Here's what I got -

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544"
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only
C:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544" >nul
C:\Users\Dave>whoami /Groups | FIND "S-1-5-32-544" >nul 2>&1
C:\Users\Dave>

:) 


Well then you posted earlier (on post #4) *something* else from what was asked, i.e. you posted the output of the earlier version :unsure:

 

Corrected the typo "th esame" into "the same" and added redirection to nul to the Whoami commands in the attached, no version number change, please re-download and re-test (once having added the elevate.exe) just on Windows 8.1 (the XP is OK, and I can test it myself), thanks.

 

Maybe we "lost sync" or cross-posted.

The version attached to post #1 does have redirection to nul, so it shouldn't have created the output you posted on #4.

But also bphlpt posted the same (is it possible that he also went "out-of-sync"? :w00t::ph34r:)

 

Can you please re-download and re-test?

 

jaclaz

Edited by jaclaz

Sorry again jaclaz, here is the output with the current version, I had completely missed that you had updated it!

I really should learn to read things properly.......

 

 

Windows 8.1 Admin from non-elevated prompt -

**********************************************************************************
FIRST PROMPT WINDOW RESULTING IN UAC PROMPT
**********************************************************************************
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Dave>s:
S:\>testelev
Vista , or later, ...
OK, I am a local admin ...
I am NOT running elevated, BAD.
S:\>
**********************************************************************************
SECOND PROMPT WINDOW WHICH THEN POPPED UP AFTER THE UAC PROMPT WAS DISMISSED
**********************************************************************************
Vista , or later, ...
OK, I am a local admin ...
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

Windows 8.1 Admin from non-elevated prompt double clicking -

**********************************************************************************
SECOND PROMPT WINDOW AFTER FIRST AUTOMATICALLY CLOSED WHEN UAC PROMPT DISMISSED
**********************************************************************************
Vista , or later, ...
OK, I am a local admin ...
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

Windows 8.1 Admin from elevated prompt -

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>s:
S:\>testelev
Vista , or later, ...
OK, I am a local admin ...
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .
S:\>

Windows 8.1 Admin from elevated prompt double clicking -

Vista , or later, ...
OK, I am a local admin ...
... and I am running elevated, good.
Press any key to continue . . .
Imagine that this is an actually useful command executed in elevated mode.
Volume - C: is NOT Dirty
Press any key to continue . . .

:) 


Sorry again jaclaz, here is the output with the current version, I had completely missed that you had updated it!

I really should learn to read things properly.......

No prob, with these (lately) few hiccups of the board it is easy to get "out of sync" :).

 

So, it seems like the thingy - at least in 8.1 - is working fine. :)

 

jaclaz


 

Jaclaz, Here is the output as non-admin with Windows 10 build 9926.
~DP 

 

Which is good :), as another confirmation how stupid the stupid Windows 10 (which at the moment of this writing is a NON-released new, experimental OS) actually is.

 

When (if) it will be released, then - maybe - we will be able to see what are the results in that stupid environment of the "base" commands used in the batch and hopefully there will be some official documentation about the stupid changes that are/will be implemented in it.

If you could post the output of running the VER and of the WHOAMI /groups commands in it, I could add a few lines *like* ;):

VER | FINDSTR /i "6\.[4]\." > nul
IF %ERRORLEVEL% EQU 0 (
  ECHO You are running a stupid OS, we cannot cure that, sorry .
  GOTO :EOF
)

More seriously, add just before the ":just_do_it" label a line *like*:

ECHO NOT Xp/2003, NOR Vista up to 8.1, this must be a crappy new OS...exiting...&PAUSE&GOTO :EOF

And experiment with adding something *like*:

VER | FINDSTR /i "6\.[4]\." > nul
IF %ERRORLEVEL% EQU 0 (
  ECHO Windows 10 or whatever, ...
  whoami /groups | find "S-1-5-32-544" >nul && ECHO OK, I am a local admin ...
  whoami /groups | find "S-1-16-12288" >nul || ECHO I am NOT running elevated, BAD.&&GOTO :do_elevate
  FSUTIL DIRTY QUERY %systemdrive% >nul || ECHO ... wait a minute, I need elevation anyway&&GOTO :do_elevate
  ECHO ... and I am running elevated, good.
  PAUSE
  GOTO :just_do_it
)

in the same place, before the added "ECHO NOT Xp/2003, ...".

 

I am assuming in the above that the windows version reported is 6.4 and that the whoami/groups output has not changed, but have no way to check these assumptions.

jaclaz
